settingsLogin | Registersettings

[Openstack-operators] Pacemaker / Corosync in guests on OpenStack

0 votes

Has anyone had experience setting up a cluster of VM guests running Pacemaker / Corosync? Any recommendations?

Tim


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
asked Aug 17, 2017 in openstack-operators by Tim_Bell (16,440 points)   1 5 10

2 Responses

0 votes

I just did recently and had no issues. I used a provider network so I don't
have experience using it with project networks but I believe the only issue
you might run into with project networks is multicast. You can work around
this by using unicast instead.

If you do you use multicast you need to enable IGMP in your security
groups. You can do this in Horizon by selecting other protocol and setting
the IP protocol number to 2.

I hit a minor issue setting up a VIP because port security wouldn't allow
traffic to the instance that was destined for that address but all I had to
do was add the VIP as an allowed address pair on the port of each instance.
Also, I attached an additional interface to one of the instances to
allocate the VIP, I just didn't configure the interface within the
instance. Since we use DHCP this was a simple way to reserve the IP. I'm
sure I could have created a pacemaker resource that would move the port
using the OpenStack API but I prefer the simplicity and speed of Pacemakers
ocf:ipaddr2 resource.

I setup fencing of the instances via the openstack api to avoid any chance
of a duplicate IP when moving the VIP. I borrowed this script
https://github.com/beekhof/fence_openstack/blob/master/fence_openstack and
made a few minor changes.

Overall there weren't many differences between setting up pacemaker in
OpenStack vs Iron but I hope this is helpful.

Regards,

John Petrini

On Wed, Aug 16, 2017 at 6:06 AM, Tim Bell Tim.Bell@cern.ch wrote:

Has anyone had experience setting up a cluster of VM guests running
Pacemaker / Corosync? Any recommendations?

Tim


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
responded Aug 16, 2017 by John_Petrini (1,880 points)   4 5
0 votes

+1 to Johns answer.

We also run Pacemaker/Corosync clusters inside OpenStack instances (in project/self service networks). Our clusters are formed by 3 instances each and run in production currently. We didn't see any problems with migrations, handmade or triggered by Pacemaker.

I recommend using unicast for the cluster communication too + using the default ocf:heartbeat:IPaddr2 resource agent to keep things simple.

For the VIP we use a dummy port (neutron port create) and allow its IP address to all cluster members via 'neutron port update'. That port is never attached to any instance, they are just using its IP address on their default ports.

The idea of fencing via the API sounds pretty neat, so I will have a look on that ;)

best regards,

hauke


From: John Petrini jpetrini@coredial.com
Sent: Wednesday, August 16, 2017 12:55 PM
To: Tim Bell
Cc: openstack-operators
Subject: Re: [Openstack-operators] Pacemaker / Corosync in guests on OpenStack

I just did recently and had no issues. I used a provider network so I don't have experience using it with project networks but I believe the only issue you might run into with project networks is multicast. You can work around this by using unicast instead.

If you do you use multicast you need to enable IGMP in your security groups. You can do this in Horizon by selecting other protocol and setting the IP protocol number to 2.

I hit a minor issue setting up a VIP because port security wouldn't allow traffic to the instance that was destined for that address but all I had to do was add the VIP as an allowed address pair on the port of each instance. Also, I attached an additional interface to one of the instances to allocate the VIP, I just didn't configure the interface within the instance. Since we use DHCP this was a simple way to reserve the IP. I'm sure I could have created a pacemaker resource that would move the port using the OpenStack API but I prefer the simplicity and speed of Pacemakers ocf:ipaddr2 resource.

I setup fencing of the instances via the openstack api to avoid any chance of a duplicate IP when moving the VIP. I borrowed this script https://github.com/beekhof/fence_openstack/blob/master/fence_openstack and made a few minor changes.

Overall there weren't many differences between setting up pacemaker in OpenStack vs Iron but I hope this is helpful.

Regards,

John Petrini

On Wed, Aug 16, 2017 at 6:06 AM, Tim Bell Tim.Bell@cern.ch wrote:

Has anyone had experience setting up a cluster of VM guests running Pacemaker / Corosync? Any recommendations?

Tim


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
responded Aug 17, 2017 by Hauke_Bruno_Wollenti (600 points)   1
...